0

OK when I save uploaded files with PHP via move_uploaded_file() I cannot use an absolute URL I have to use a relative one. My site has 2 root directories one for the http side and one for the https side: httpdocs and httpsdocs respectively. So if my script is on the https side how can I save the file to a location on the http side?

Thanks!

UPDATE OK so it seems like I am using the wrong absolute path convention I am doing it like this:

$dir = 'https://www.mydomain.com/masonic_images/';
move_uploaded_file($_FILES['blue_image']['tmp_name'], $dir.$new_name);
JD Isaacks
  • 56,088
  • 93
  • 276
  • 422

4 Answers4

5

move_uploaded_file() doesn't accept URLs for either parameter. The destination is an absolute path on your filesystem.

<?php
$dir = '/var/www/httpsdocs/'; // Adjust to your configuration
move_uploaded_file($_FILES['blue_image']['tmp_name'], $dir.$new_name);

As @apphacker suggested. you can use realpath(__FILE__) to determine the absolute path to a file.

Community
  • 1
  • 1
matpie
  • 17,033
  • 9
  • 61
  • 82
2

If you cannot use the absolute path because you don't know what the absolute path is, use PHP's realpath() to figure out what it is and then use it.

Bjorn
  • 69,215
  • 39
  • 136
  • 164
1

Are the httpdocs and httpsdocs directories both located in the same parent folder? If so, just use a relative path for the second parameter in move_uploaded_file to place the file in the other root directory.

For example:

$uploaddir = '../httpdocs/';
$uploadfile = $uploaddir . basename($_FILES['myfile']['name']);

This code assumes that the uploading script is located in the httpsdocs root directory, and that you want to save the file into the httpdocs directory.

Jon Benedicto
  • 10,492
  • 3
  • 28
  • 30
  • Thanks, I tried what you said and I got this error: "Warning: move_uploaded_file(): open_basedir restriction in effect. File(../../httpdocs/masonic_images/41_red_391-1-l.jpg) is not within the allowed path(s)" – JD Isaacks Apr 14 '09 at 19:15
  • 1
    Your web server has PHP configured to block all file accesses outside the current site root. Unless you can turn the open_basedir restriction off, there is no way to place the images in the other directory. – Jon Benedicto Apr 14 '09 at 19:26
  • @Jon is there a way to do that with .htaccess? Thanks – JD Isaacks Apr 14 '09 at 19:33
  • Unfortunately, no. The open_basedir directive can only be changed in httpd.conf or php.ini. – Jon Benedicto Apr 14 '09 at 20:02
  • @Jon I can ask my host to change this, but first is there any negative or security holes that can open by changing? Thanks a lot. – JD Isaacks Apr 14 '09 at 20:09
  • 1
    Not really, if you're careful to validate any user input that might control which files are opened/created. – Jon Benedicto Apr 14 '09 at 23:03
1

Note that since you put uploaded files inside httpdocs it could be possible to upload a php file and execute arbitrary code.

Gleb
  • 2,404
  • 1
  • 13
  • 7